Winnipeg Free Press - PRINT EDITION

Hacker gets confidential info from MDs' website

Privacy of online complaints a worry

Manitoba doctors are being warned their credit card information and patients' complaints could fall into the wrong hands after an online attack a month ago.

A hacker accessed confidential information on the College of Physicians and Surgeons of Manitoba website Sept. 11, said registrar Dr. Bill Pope.

"Something attacked the website - everything on it was gone," said Pope. He called it a "potential information breach" because there's been no indication the information has been used or abused.

In a letter to doctors Monday, the College said there was some irregular activity on its website last month, including significant crashes and data deletion. A security audit was conducted and it was determined the breach of the password-protected information occurred Sept. 11.

That information includes credit card numbers and expiry dates for physicians who registered online starting in 2006 along with limited personal health information about doctors that relates to their fitness to practice. Information about patient complaints filed since April 2008 was also accessible, including the name of the doctor, patient, and the general nature of the complaint. The College is informing patients who filed complaints of a sensitive nature, Pope said.

"Since there was no personal health information on the website, the Privacy Commissioner recommended direct notice to only those patients whose complaint classification is sensitive (such as a breach of trust and sexual behaviour)," Pope said.

The College said a security consultant has removed all private information from the website. It won't be restored until they're sure it's safe and it's tested by an independent third party, Pope said. They've contacted police, credit card processors and the provincial Ombudsman, in her role as privacy commissioner, he said. Doctors were advised in the letter to be vigilant about any unusual credit card activity, and to contact credit rating agencies to let them know about the online attack.

"They should've had the highest level of security possible," said one doctor who didn't want to be publicly named.

Doctors are known to be targeted by credit card information thieves because of their high income and credit limits, he said. They often travel so credit card purchases in strange places might not raise any red flags with the credit card company, said the Winnipeg physician.

He's also concerned about the privacy of online patient complaints. Many complaints are made by people with mental health issues, he said. "I don't think they should be naming the patients," said the doctor. Unsubstantiated complaints might be circulated and damage a doctor's reputation, he said.

Winnipeg privacy expert and business lawyer Brian Bowman said the College's letter was a good start at regaining trust in the wake of the security breach.

"It's actually impressive they were as clear and forthright in their letter as they were," said Bowman. "Privacy legislation doesn't necessarily oblige an organization to notify people in the event of breaches," he said. "Still, it's a good practice and most credible organizations will notify people, regardless of the law," he said.

Bowman hasn't heard of information thieves targeting doctors or any other professionals. "The big concern I'm hearing is that organized crime is much more involved in identity theft and it can be quite a lucrative business." Bowman said affected doctors should monitor their credit activity.

"People shouldn't brush it off," said Bowman.

carol.sanders@freepress.mb.ca

Republished from the Winnipeg Free Press print edition October 13, 2010 B2
